free
/
freedombone
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 0 Wiki Aktywność
Przeglądaj źródła

Link to the administrator's keyring

Bob Mottram 9 lat temu
rodzic
0c8d839c83
commit
5fbdc57fd3
1 zmienionych plików z 21 dodań i 6 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 21
    6
      src/freedombone-app-mailpile

+ 21
- 6
src/freedombone-app-mailpile Wyświetl plik 

@@ -319,10 +319,13 @@ function install_mailpile {
319 319 
         echo '  location / {' >> $mailpile_nginx_site
320 320 
         function_check nginx_limits
321 321 
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
322 
-        echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
323 
-        echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
324 
-        echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
322 
+        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
323 
+        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
325 324 
         echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
325 
+        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
326 
+        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
327 
+        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
328 
+        echo '    proxy_redirect off;' >> $mailpile_nginx_site
326 329 
         echo '  }' >> $mailpile_nginx_site
327 330 
         echo '' >> $mailpile_nginx_site
328 331 
         nginx_keybase ${MAILPILE_DOMAIN_NAME}
 
@@ -347,10 +350,13 @@ function install_mailpile {
347 350 
     echo '  location / {' >> $mailpile_nginx_site
348 351 
     function_check nginx_limits
349 352 
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
350 
-    echo "    proxy_pass        http://localhost:${MAILPILE_PORT}/;" >> $mailpile_nginx_site
351 
-    echo '    proxy_set_header X-Forwarded-Host $host;' >> $mailpile_nginx_site
352 
-    echo '    proxy_set_header X-Forwarded-Server $host;' >> $mailpile_nginx_site
353 
+    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
354 
+    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
353 355 
     echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
356 
+    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
357 
+    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
358 
+    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
359 
+    echo '    proxy_redirect off;' >> $mailpile_nginx_site
354 360 
     echo '  }' >> $mailpile_nginx_site
355 361 
     echo '' >> $mailpile_nginx_site
356 362 
     nginx_keybase ${MAILPILE_DOMAIN_NAME}
 
@@ -396,6 +402,15 @@ function install_mailpile {
396 402 
     # if strict https is enforced then buttons don't work. This is probably a security bug
397 403 
     sed -i "s/Content-Security-Policy/d" $mailpile_nginx_site
398 404
405 
+    # link to the administrator's keyring
406 
+    if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
407 
+        mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
408 
+    fi
409 
+    ln -s /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
410 
+    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
411 
+    # unless the directory is executable we can't log in
412 
+    chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
413 
+
399 414 
     systemctl enable mailpile
400 415 
     systemctl daemon-reload
401 416 
     systemctl start mailpile